Pierluigi Paganini
April 08, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · Airbnb China will share hosts information with the government · Any social media […]
Pierluigi Paganini
April 07, 2018
Personal information belonging to more than 130,000 Finnish citizens have been compromised in the third largest data breach ever happened in the country. The data breach affected a website maintained by the New Business Center in Helsinki (“Helsingin Uusyrityskeskus”), that is company that provides business advice to entrepreneurs. “Data batches have overwritten username and password for over 130,000 […]
Pierluigi Paganini
April 07, 2018
Early this year at least three European financial institutions were hit by DDoS attacks powered by a new variant of the Mirai botnet. A variant of the Mirai botnet, composed at lease of 13,000 compromised IoT devices was used to launch a series of DDoS attacks against financial sector businesses. The DDoS attacks peaked at up […]
Pierluigi Paganini
April 06, 2018
Security experts have discovered a vulnerability in the Spring Framework that could be exploited by a remote attacker to execute arbitrary code on applications built with it. Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of them could be exploited by a remote attacker to execute arbitrary code on applications built […]
Pierluigi Paganini
April 06, 2018
A payment card breach suffered by [24]7.ai. between September 26 and October 12, 2017, is impacting major firm, including Best Buy, After Delta Air Lines and Sears Holdings. Another day another data breach, while media are reporting the security breach suffered Delta Air Lines and Sears Holdings due to the [24]7.ai a payment card breach, […]
Pierluigi Paganini
April 06, 2018
Cisco PSIRT has published a new security advisory for abuse of the Smart Install protocol, the IT giant has identified hundreds of thousands of exposed devices online. Cisco is advising organizations that hackers could target its switches via the Smart Install protocol. The IT giant has identified hundreds of thousands of exposed devices and warned critical infrastructure […]
Pierluigi Paganini
April 05, 2018
Third-party scrapers have exploited an issue in the Facebook ’s search function that allows anyone to look up users via their email address or phone numbers. Facebook revealed on Wednesday that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought. Facebook is the middle of a storm, Mark […]
Pierluigi Paganini
April 05, 2018
The North Korea-linked APT group known as Lazarus made the headlines again for attacking an online casino in Central America and other targets. The activity of the Lazarus Group (aka Hidden Cobra) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. […]
Pierluigi Paganini
April 04, 2018
Hackers compromised hundreds of Magento e-commerce websites to steal credit card numbers and install crypto-mining malware. According to the security firm Flashpoint, hackers launched brute-force attacks against Magento installs, they used a dictionary composed of common and known default Magento credentials. “Ecommerce websites running on the popular open-source Magento platform are being targeted by attackers who are using […]
Pierluigi Paganini
April 04, 2018
On April 3, Microsoft Out-Of-Band Security Update to address the CVE-2018-0986 vulnerability affecting the Microsoft Malware Protection Engine (MMPE). Microsoft Malware Protection Engine is the core component for malware detection and cleaning of several Microsoft anti-malware software. It is currently implemented in Windows Defender, Microsoft Security Essentials, Microsoft Endpoint Protection, Windows Intune Endpoint Protection, and Microsoft Forefront Endpoint […]
